Preparing for PSD2: Some Critical Considerations

In just three months European banking will undergo a seismic shift brought on by a regulatory event known as the revised Payment Services Directive. Starting in mid-January, banks and other financial institutions will be required to make customer account information available to approved third-party applications via open APIs. The dry technical specifications are not exactly holiday reading, but they describe a game changer so consequential that industry pundits are calling it the banking sector’s “iPhone moment.”

For the first time in their long and storied histories, the great European banks are going to find themselves competing on a purely digital playing field. Yet outside a handful of internal development groups, few organizations are prepared to address the far-reaching impacts of what will soon be the new status quo. Regrettably, the consequences for the unprepared are likely to be severe.

Most technologists understand PSD2 will fundamentally alter not only payments delivery but also the way their organizations attract and retain customers. They are simply too overwhelmed by the immediate demands of compliance to address longer-term considerations. The European Banking Authority only published the final guidelines for banks and other financial services companies in mid-July. Since then hundreds of development teams have been scrambling to create APIs and applications to access them.

The reality is that APIs and apps alone will not be enough to ward off disruption. According to a research analysis by Accenture, banks in the United Kingdom are poised to lose up to 43% of their payments revenue as a result of the directive and developments like Apple Pay. Accenture says European banks are at a crossroads—either they must resign themselves to a new status as “banking utilities” or they must embed themselves in their customers’ lives like never before.

If they choose the latter path they need to act now to safeguard their relationships with their customers. Not only must they provide innovative services that take care of their customers’ daily needs, but these services must be at least as good as those offered by competitors who are using their data. The good news is banks will have a built-in advantage right off the starting block. Seven out of ten consumers trust their banks to handle their payments over other providers, Accenture found. But the banks’ biggest advantage—their customer data and the relationships it describes—is also their biggest weakness.

Although the effects may not be felt immediately, with time the new services made possible by PSD2 will place an unprecedented load on banking systems as competing payment providers call on the banks’ APIs. Banks risk losing their customers if their digital systems fail to perform. According to the AppDynamics App Attention Span Study, 80% of respondents deleted an app because of poor performance. Scalability will become an even bigger challenge. At any given moment, any of the more than half dozen PSD2 APIs will be pulling information from tens of internal systems. It should go without saying that an issue within any one of those systems will affect performance. The risk of failure is literally exponential.

My colleague, Andy Skelton, recalled what happened when the bank where he was working exposed an underwriting service as an API a few years ago. The goal of the API was to drive new business, and it succeeded so dramatically that it revealed issues around capacity. Marketing activities by other organizations were generating enough demand to create a slowdown, exacerbating spikes caused by poor internal communication. The DevOps team faced the difficult decision of which requests it should throttle–the bank’s own or those coming in over the API.

The same scenario is likely to play out in the early days of PSD2. At a minimum DevOps teams need to monitor the systems that support the new APIs, and understand how the APIs are being consumed. Tracking data in the aggregate won’t suffice. Banks will need to make sure that API calls are driving business, and they will need to be able to distinguish good partners from bad ones who may be abusing an API or unintentionally performing the equivalent of a denial of service attack.
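To show why aggregate tracking hides the problem, here is an added example (not from the original article or from AppDynamics) that breaks API access records down per consumer. The log records are constructed, and the consumer names, record layout and thresholds are assumptions.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed records: (epoch_second, consumer_id, http_status)."""
    log = []
    for t in range(60):
        log.append((t, "bank-own-app", 200))          # steady 1 req/s
        if t % 2 == 0:
            log.append((t, "tpp-budget-app", 200))    # steady 0.5 req/s
    for t in range(30, 35):                           # 5-second burst
        for i in range(40):                           # 40 req/s, backend starts failing
            log.append((t, "tpp-aggregator", 503 if i >= 25 else 200))
    return log

def aggregate_rps(log):
    """Average request rate over the whole log, all consumers combined."""
    seconds = [t for t, _, _ in log]
    return len(log) / (max(seconds) - min(seconds) + 1)

def per_consumer_report(log, window=5, burst_limit=50, max_error_rate=0.2):
    """Per consumer: total requests, busiest window, 5xx rate, and a flag."""
    buckets = defaultdict(lambda: defaultdict(int))
    totals = defaultdict(int)
    errors = defaultdict(int)
    for t, consumer, status in log:
        buckets[consumer][t // window] += 1
        totals[consumer] += 1
        if status >= 500:
            errors[consumer] += 1
    report = {}
    for consumer in totals:
        peak = max(buckets[consumer].values())
        error_rate = errors[consumer] / totals[consumer]
        report[consumer] = {
            "requests": totals[consumer],
            "peak_per_window": peak,
            "error_rate": error_rate,
            "flagged": peak > burst_limit or error_rate > max_error_rate,
        }
    return report

if __name__ == "__main__":
    log = build_sample_log()
    print(f"aggregate: {aggregate_rps(log):.2f} req/s")
    for name, row in sorted(per_consumer_report(log).items()):
        print(name, row)
```

The aggregate rate stays under 5 requests per second, while the per-consumer view shows one partner sending 200 requests in a single 5-second window and accounting for all of the server errors.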

With development teams stretched to their limits, technical leaders are pushing back on new initiatives. But they cannot postpone thinking beyond PSD2 if they want to establish first-mover advantage. Now is the time to make strategic choices about opening up banking data beyond the requirements of PSD2. For example, banks are in a position to offer far more useful bill-paying portals by establishing relationships with companies outside of the financial sector. Imagine, for example, a service that provides a customer personalized guidance and coaching on achieving his or her financial goals and that also presents approved, relevant, real-time and geo-targeted offers from third parties.

As Field CTO for EMEA at AppDynamics, I work with financial institutions to increase their speed of innovation. These days I feel a bit like Lincoln Steffens, the American journalist who after visiting Soviet Russia at the beginning of the last century famously remarked: “I have seen the future, and it works.” The great changes inspired by PSD2 are happening today. Developers and DevOps teams are getting ready. A few are already poised to take the lead. Their message to the rest of the industry? Catch us if you can.

Firaas is Regional CTO EMEA working with clients to convert performance insights into business outcomes. He is also responsible for setting AppDynamics’ regional product strategy. Before joining AppDynamics he held various positions in IT leadership at Credit Suisse.
